I think the idea is, you create a dedicated "sandbox" account, install apps in it that you don't trust that want access to calendar, contacts, text messages, etc., and then don't put any real data of those kinds in the account. So, they still have permission to see those things, but they don't see anything when they look.
Note, I have not looked deeply, so maybe it doesn't work like I said. I would not expect multitasking to be very seamless with this method. Also, I know there are some permissions that have "cross-user" abilities, so maybe there is still a way to accidentally allow an app to access your real data.
Note, I have not looked deeply, so maybe it doesn't work like I said. I would not expect multitasking to be very seamless with this method. Also, I know there are some permissions that have "cross-user" abilities, so maybe there is still a way to accidentally allow an app to access your real data.